feat!: v8.0.0
BREAKING Changes
- Removed `cyclonedx.mode.ThisTool`, utilize `cyclonedx.builder.this.this_tool()` instead.
- Moved `cyclonedx.model.Tool` to `cyclonedx.model.tool.Tool`.
- Property `cyclonedx.mode.bom.BomMetaData.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`.
  The getter will act accordingly; the setter might act in a backwards-compatible way.
- Property `cyclonedx.mode.vulnerability.Vulnerability.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`.
  The getter will act accordingly; the setter might act in a backwards-compatible way.
- `cyclonedx.model.license.LicenseExpression()` accepts optional argument `acknowledgement` only as key-word argument, no longer as positional argument.
Changes
- Constructor of `cyclonedx.model.bom.BomMetaData` also accepts an instance of `cyclonedx.model.tool.ToolRepository` for argument `tools`.
- Constructor of `cyclonedx.model.bom.BomMetaData` no longer adds this very library as a tool.
  Downstream users SHOULD add it manually, like `my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component())`.
Fixes
- Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.
Added
Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5
- New class `cyclonedx.model.tool.ToolRepository`.
- New function `cyclonedx.builder.this.this_component()` -- representation of this very python library as a `Component`.
- New function `cyclonedx.builder.this.this_tool()` -- representation of this very python library as a `Tool`.
- New function `cyclonedx.model.tool.Tool.from_component()`.
Dependencies
- Raised runtime dependency `py-serializable>=1.1.1,<2`, was `>=1.1.0,<2`.
Docs & Migration Paths
rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/
fixes #561 fixes #594 fixes #673 fixes #681 includes #595 includes #635 includes #649 includes #674 includes #682 includes #684 includes #686 includes #687
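An added example, not part of the pull request or the project's own code: a small `ast`-based scan that flags, in downstream source, the import and call patterns listed under BREAKING Changes before an upgrade to v8. The sample source is constructed; reading the page's `cyclonedx.mode` as the `cyclonedx.model` module and the pre-v8 positional order of `LicenseExpression` arguments are assumptions.

```python
import ast

# Old dotted name -> migration hint, taken from the BREAKING Changes list above.
# Assumption: the page's "cyclonedx.mode" refers to the module cyclonedx.model.
RENAMED = {
    "cyclonedx.model.ThisTool": "removed; use cyclonedx.builder.this.this_tool()",
    "cyclonedx.model.Tool": "moved to cyclonedx.model.tool.Tool",
}

# Constructed sample of pre-v8 downstream code (never executed, only parsed).
LEGACY_SOURCE = '''\
from cyclonedx.model import ThisTool, Tool
from cyclonedx.model.license import LicenseExpression
import cyclonedx.model
tool = cyclonedx.model.Tool(name="scanner")
lic = LicenseExpression("MIT OR Apache-2.0", None, ack)
ok = LicenseExpression("MIT", acknowledgement=ack)
'''

def find_v8_breaks(source):
    """Return sorted (line, message) findings for pre-v8 usage in `source`."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ImportFrom):
            # e.g. "from cyclonedx.model import ThisTool, Tool"
            for alias in node.names:
                dotted = f"{node.module}.{alias.name}"
                if dotted in RENAMED:
                    findings.append((node.lineno, f"{dotted}: {RENAMED[dotted]}"))
        elif isinstance(node, ast.Attribute):
            # e.g. "import cyclonedx.model" followed by "cyclonedx.model.Tool(...)"
            dotted = ast.unparse(node)
            if dotted in RENAMED:
                findings.append((node.lineno, f"{dotted}: {RENAMED[dotted]}"))
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
            # Assumption: pre-v8 positional order was (value, bom_ref, acknowledgement).
            if name == "LicenseExpression" and len(node.args) > 2:
                findings.append((node.lineno,
                                 "LicenseExpression: pass acknowledgement= by keyword"))
    return sorted(findings)

if __name__ == "__main__":
    for line, message in find_v8_breaks(LEGACY_SOURCE):
        print(f"line {line}: {message}")
```

The scan does not detect the behavioural change that `BomMetaData` no longer adds the library to `metadata.tools`; pipelines that check SBOMs for tool provenance need to cover that separately.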
Coverage summary from Codacy
| Coverage variation | Diff coverage |
|---|---|
| :white_check_mark: +0.28% | :white_check_mark: 100.00% (target: 80.00%) |
Coverage variation details
| | Coverable lines | Covered lines | Coverage |
|---|---|---|---|
| Common ancestor commit (a210809efb34c2dc895fc0c6d96a3412a9097625) | 4500 | 4198 | 93.29% |
| Head commit (fb5547cd84eed795af3d678577db67e9d63c5d41) | 4618 (+118) | 4321 (+123) | 93.57% (+0.28%) |
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>
Diff coverage details
| | Coverable lines | Covered lines | Diff coverage |
|---|---|---|---|
| Pull request (#665) | 197 | 197 | 100.00% |
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%
Codacy stopped sending the deprecated coverage status on June 5th, 2024.
@jkugler, A preview release has been published: https://pypi.org/project/cyclonedx-python-lib/8.0.0a1/
Here is the migration path: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/upgrading.html
downstream integration succeeded, as of https://github.com/CycloneDX/cyclonedx-python/pull/796
will publish a release candidate, soon
Release candidate 1 is available as of https://pypi.org/project/cyclonedx-python-lib/8.0.0rc1/
Here is the migration path: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/upgrading.html
Release candidate 2 is available as of https://pypi.org/project/cyclonedx-python-lib/8.0.0rc2/
Here is what changed: https://github.com/CycloneDX/cyclonedx-python-lib/releases/tag/v8.0.0-rc.2
Here is the migration path: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/upgrading.html
was released via https://github.com/CycloneDX/cyclonedx-python-lib/releases/tag/v8.0.0